Feb 17, 2011

Free Open Source Password Vault Server

So here’s the deal at my day gig. I’m sure you all have something similar. There are a number of shared service-account or web-portal passwords that your team uses, and you want to make sure that only authorized people get to them. Some security experts frown on this, while others recommend it. I’m not going to get into that argument in this post; I am just going to write about what I stood up for my company, which looks like it will work for our needs.

So the other day my boss asked us to start looking at a central password vault where we could manage all of our secure passwords. He wanted to store all shared company passwords in one place and to control which groups had access to which passwords. He also didn’t want to spend any money. When I hear that, I immediately start looking at Linux and open source.

It took me a while to find, but I think I found the right solution. Now, if you are scared of Linux, don’t worry: this solution works on a Windows server too. I set it up on Ubuntu Linux Server Edition, however, so that is what I will post about. The tool is called Web KeePass. It is a Java web-based port of the popular KeePass password safe. Web-based means there is a central server repository of your sensitive credentials.

With it you can store your passwords encrypted with AES, 3DES, Blowfish, Serpent or other algorithms to keep your credentials safe. You can also configure multiple users and groups to control who has access to which passwords. Since it is open source, it is also free! Sounds like it meets all my boss’s requirements.

To set it up in Ubuntu do the following:

  • First install the Java SDK

    sudo apt-get install default-jdk

  • Next Install unzip

    sudo apt-get install unzip

  • Download the Web Keepass install pack

    wget http://downloads.sourceforge.net/project/webkeepass/WebKeePass-3.101127.zip

  • Create a directory called wkp in /opt

    sudo mkdir /opt/wkp

  • Unzip the Web KeePass install pack

    unzip WebKeePass-3.101127.zip

  • Change into the Web Keepass Install folder

    cd WebKeePass*

  • Make the Install-no-gui.sh file executable

    sudo chmod +x Install-no-gui.sh

  • Execute the Install-no-gui.sh file

    sudo ./Install-no-gui.sh

  • Enter the following info when prompted

    Installation Path: /opt/wkp
    JAVA_HOME Path: /usr/lib/jvm/java-6-openjdk
    Tomcat HTTPS/SSL Port:
    (Leave the rest as defaults)

  • Change into the /opt/wkp directory

    cd /opt/wkp

  • Make startup.sh executable and set permissions

    sudo chmod a+x ./startup.sh
    sudo chmod a+x ./jakarta-tomcat-5.5.7/bin/*.sh

  • Run startup.sh to launch your new server

    sudo ./startup.sh

  • You can now browse to your Web KeePass server at https://yourserver



Simple, right? You could stand this thing up in under 10 minutes if you wanted to, and have a really secure place to store your sensitive passwords. If you want to make sure Web KeePass starts at boot, add the following lines to /etc/rc.local right before exit 0:

    export JAVA_HOME=/usr/lib/jvm/java-6-openjdk
    /bin/sh /opt/wkp/jakarta-tomcat-5.5.7/bin/startup.sh
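The steps above and the rc.local entry, wrapped into one script as an added example. This is not code from the original post or from the Web KeePass project; it takes the zip name, download URL, install path and Tomcat path from the post and adds three checks the procedure skips: a SHA-256 check on the downloaded archive before anything is unzipped into /opt/wkp, a JAVA_HOME derived from what is actually installed under /usr/lib/jvm rather than the hard-coded java-6-openjdk path, and an rc.local entry that is not duplicated when the script is run twice. EXPECTED_SHA256 is a placeholder, since the post gives no digest; replace it with the value published for the archive before use.

```shell
#!/bin/sh
# Added example, not part of the original post or of the Web KeePass project.
# Wraps the post's install steps in functions and adds three checks the
# procedure above skips: a checksum on the downloaded zip, JAVA_HOME derived
# from the host instead of hard-coded, and an rc.local entry that is not
# duplicated on re-runs. Zip name, URL and paths come from the post.
set -eu

ZIP_URL="http://downloads.sourceforge.net/project/webkeepass/WebKeePass-3.101127.zip"
ZIP_NAME="WebKeePass-3.101127.zip"
INSTALL_DIR="/opt/wkp"
TOMCAT_START="$INSTALL_DIR/jakarta-tomcat-5.5.7/bin/startup.sh"
# PLACEHOLDER (assumption): replace with the project's published SHA-256.
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# sha256_of FILE: prints the hex SHA-256 using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_download FILE EXPECTED: exit 0 on a matching digest, 1 otherwise.
# Nothing is unzipped into /opt/wkp unless the archive is the one expected.
verify_download() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# detect_java_home [JVM_ROOT]: prints the first directory under JVM_ROOT
# (default /usr/lib/jvm) that holds an executable bin/javac, i.e. a JDK
# rather than a bare JRE. Exits 1 if none is found.
detect_java_home() {
    root="${1:-/usr/lib/jvm}"
    for d in "$root"/*; do
        if [ -x "$d/bin/javac" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# add_boot_entry RC_FILE JAVA_HOME: inserts the post's two startup lines just
# before the final "exit 0" of RC_FILE (or appends them if there is none).
# Re-running is a no-op, so the server is not started twice at boot.
add_boot_entry() {
    rc="$1"
    jh="$2"
    if grep -qF "$TOMCAT_START" "$rc"; then
        return 0
    fi
    awk -v jh="$jh" -v start="/bin/sh $TOMCAT_START" '
        /^exit 0[[:space:]]*$/ && !inserted {
            print "export JAVA_HOME=" jh; print start; inserted = 1
        }
        { print }
        END { if (!inserted) { print "export JAVA_HOME=" jh; print start } }
    ' "$rc" > "$rc.tmp" && mv "$rc.tmp" "$rc"
}

# install_webkeepass: the post's steps, run as root, with the checks above.
# Install-no-gui.sh stays interactive; answer its prompts with INSTALL_DIR
# and the JAVA_HOME printed here, and leave the rest at the defaults.
install_webkeepass() {
    apt-get install -y default-jdk unzip
    wget -O "$ZIP_NAME" "$ZIP_URL"
    if ! verify_download "$ZIP_NAME" "$EXPECTED_SHA256"; then
        echo "SHA-256 mismatch for $ZIP_NAME, refusing to install" >&2
        return 1
    fi
    jh="$(detect_java_home)" || { echo "no JDK under /usr/lib/jvm" >&2; return 1; }
    echo "Use Installation Path $INSTALL_DIR and JAVA_HOME $jh at the prompts"
    mkdir -p "$INSTALL_DIR"
    unzip -o "$ZIP_NAME"
    cd WebKeePass*/
    chmod +x Install-no-gui.sh
    ./Install-no-gui.sh
    chmod a+x "$INSTALL_DIR/startup.sh" "$INSTALL_DIR"/jakarta-tomcat-5.5.7/bin/*.sh
    add_boot_entry /etc/rc.local "$jh"
    "$INSTALL_DIR/startup.sh"
}

# Only act when invoked as "install"; sourcing the file just defines functions.
if [ "${1:-}" = "install" ]; then
    install_webkeepass
fi
```

Run it as `sudo sh install-wkp.sh install`. Like the post, this starts Tomcat as root; the rc.local entry runs as root at boot as well, so the next hardening step on a server that holds every shared password is to create a dedicated unprivileged account, give it ownership of /opt/wkp, and start Tomcat under that account instead.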

What do you guys think? Do you know of a similar password vault solution? One that is web-based? I would love to hear about your favorites in the comments.

